Cyberwarfare – Are You Ready?
Between 27 June to 4 July 2018, SingHealth, Singapore’s largest group of healthcare institutions, was victim to the worst cyberattack in the country’s history, with a data breach of 1.5 million patients. Impending hearings are set to commence 28 August 2018.
Gino Bello, Senior Director of Technology in Singapore, sat down with FTI Consulting’s Global Head of Cybersecurity, Anthony J. Ferrante (previously Chief of Staff of the FBI’s Cyber Division and Director for Cyber Incident Response at the U.S. National Security Council at the White House), to discuss what can be learnt from the attack and how companies can protect themselves.
Anthony, thank you for your time. A number of weeks ago, Singapore experienced the country’s worst ever data breach, with personal information being stolen from SingHealth’s computer systems, including Prime Minister Lee Hsien Loong’s information. A four-member Committee of Inquiry (COI) has been set up to investigate the cyber attack, with hearings expected to commence in the coming weeks, but do we know who could have done this? And why?
Reports have indicated that this sophisticated cyberattack was a state-sponsored effort specifically targeting the information of Prime Minister Lee Hsien Loong. Cybercriminal tools like malware are increasingly being leveraged by nation-states seeking inexpensive – and easily deniable – ways to conduct targeted operations. Geopolitical tensions can lead to incidents like this, particularly as nation-state actors become more equipped to launch attacks on this new frontier of cyberwarfare.
Names, Identity Card (IC) numbers, addresses, gender, race and dates of birth have been taken. In our experience, when coupled with credit card numbers, phone numbers and email addresses, we have seen victims of identity theft as well as insurance and health claims fraud. With such profitable information being taken, what else could it be used for?
Cyber criminals are primarily motivated by monetary gains and pose a serious threat to corporations. They are often laser-focused on stealing personal data so they can sell it on the black market to identity thieves. Cyber hacks may seem improbable, or even unlikely, but they often have a severe impact on operations, consumer trust and even, financial standing. While the attack on SingHealth has not led to the disruption of health care services, we have seen other breaches – like the ransomware on the United Kingdom’s National Health Service (NHS) – have a large-scale impact on a hospital’s operations.